Former Member

RAR false negatives

I have 2 instances of GRC RAR (SP13) pointed to the same backend systems, and the functions/risks are identical (imported from the same source). The issue is that on one of the instances, critical risks (for a user) are found and on the other they are not, and the user does have the risk. Any ideas?


7 Answers

  • Former Member
    Posted on Apr 29, 2011 at 09:11 PM

    Check if the critical actions are maintained in the other system, also check the report type parameters.

    Regards,

    Chinmaya

  • Former Member
    Posted on Apr 29, 2011 at 09:31 PM

    Of course the risks are maintained... I think you probably meant enabled, and yes they are. Like I said, when you look at the risk or rule or function, they are identical... but one instance works and one does not.

  • Former Member
    Posted on Apr 29, 2011 at 09:32 PM

    I forgot, the report parameters are identical as well.

    • Former Member

      Hi Jack,

      What is the user type? Sometimes it happens that in RAR --> Configuration --> Risk Analysis --> Default Value we ignore Service users or other types; in that case the risk will not appear.

      Check it in both GRC Servers.

      Regards,

      Sabita

  • Former Member
    Posted on May 02, 2011 at 12:20 PM

    As I stated, ALL report parameters are identical and are set to ignore nothing, all user types, no critical roles/profiles defined, etc.

  • Former Member
    Posted on May 03, 2011 at 12:41 PM

    At this point the only thing I checked was critical actions and critical permissions, and they both show false negatives. I suspect that SOD checks will also have issues. It doesn't happen every time on every risk, but is repeatable. In other words, a particular risk will show false negatives and will always show false negatives, while one that doesn't won't ever show a false negative.

    • Former Member

      Try to download the rules from the GRC instance where the results are correct and upload them to the other instance where the problem is showing. Regenerate the rules and check if the issue still persists. So far it seems there is some issue in the rules themselves.

      Are you using logical systems?

      Regards,

      Sabita

  • Former Member
    Posted on May 04, 2011 at 12:51 PM

    I have done as you suggested twice... When you compare the rules on screen, they appear identical. And yes, I am using logical systems on both instances; when I bring over the functions, risks, rules, etc., I am also bringing over the connectors and logical systems.

  • Former Member
    Posted on May 04, 2011 at 12:53 PM

    And to answer before someone suggests it, I also deleted both the function(s) and the risk, regenerated the rules and then created (by hand) the function(s) and risks and updated the rules... no difference.
